On Fri, Mar 29, 2013 at 10:43 PM, Richard W.M. Jones <rjones@redhat.com> wrote:
> On Fri, Mar 29, 2013 at 10:08:37PM +0530, Dhiru Kholia wrote:
> > - Hardening flags should be turned on (by default) for all packages
> >   which are at comparatively more risk of being exploited or which
> >   meet some well-defined criteria (suggestions welcome).
>
> Is there somewhere which describes what to do / what flags to enable?

http://wiki.debian.org/Hardening describes the various hardening flags.
The "_hardened_build" rpm spec macro can be used to harden a package.
For an example, see http://pkgs.fedoraproject.org/cgit/clamav.git/tree/clamav.spec
-- Dhiru
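
An added example, not part of the original message or of any Fedora or Debian tooling: one way to check whether a built binary actually carries the pie, relro and bindnow properties that the Debian Hardening page lists. The function names and the `sample_elf` image are constructed for illustration; only little-endian ELF64 is handled.

```python
import struct

PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1
ET_EXEC, ET_DYN = 2, 3


def hardening_report(elf: bytes) -> dict:
    """Report PIE, RELRO and BIND_NOW for a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a little-endian ELF64 image")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    relro = bind_now = False
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, _flags, p_offset = struct.unpack_from("<IIQ", elf, base)
        (p_filesz,) = struct.unpack_from("<Q", elf, base + 32)
        if p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            # Walk the 16-byte (d_tag, d_val) entries of the dynamic section.
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == 0:  # DT_NULL terminates the list
                    break
                bind_now |= (tag == DT_BIND_NOW
                             or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                             or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
    # ET_DYN is also the type of shared libraries, so "pie" means
    # "position independent", not necessarily "an executable".
    return {"pie": e_type == ET_DYN, "relro": relro,
            "full_relro": relro and bind_now}


def sample_elf(hardened: bool) -> bytes:
    """Constructed headers-only ELF64 image standing in for a built binary."""
    dyn = struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW) if hardened else b""
    dyn += struct.pack("<qQ", 0, 0)
    types = [PT_DYNAMIC] + ([PT_GNU_RELRO] if hardened else [])
    dyn_off = 64 + 56 * len(types)  # ELF header + program headers
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       ET_DYN if hardened else ET_EXEC, 62, 1, 0, 64, 0, 0,
                       64, 56, len(types), 0, 0, 0)
    # Every header points at the dynamic data; only PT_DYNAMIC's is read.
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 6, dyn_off, 0, 0,
                                 len(dyn), len(dyn), 8) for t in types)
    return ehdr + phdrs + dyn
```

To check a real build, pass the file's bytes, for example `hardening_report(open(path, "rb").read())`.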